| Message ID | 0fad341f-b7f5-f859-d55d-f0084ee7087e@suse.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 81ff2c37f9e5d77593928df0536d86443195fd64 |
| Headers | show |
| Series | [v3] x86/stackframe/32: repair 32-bit Xen PV | expand |
* Jan Beulich <jbeulich@suse.com> wrote: > Once again RPL checks have been introduced which don't account for a > 32-bit kernel living in ring 1 when running in a PV Xen domain. The > case in FIXUP_FRAME has been preventing boot. Adjust BUG_IF_WRONG_CR3 > as well to guard against future uses of the macro on a code path > reachable when running in PV mode under Xen; I have to admit that I > stopped at a certain point trying to figure out whether there are > present ones. > > Fixes: 3c88c692c287 ("x86/stackframe/32: Provide consistent pt_regs") > Signed-off-by: Jan Beulich <jbeulich@suse.com> > --- > v3: Move USER_SEGMENT_RPL_MASK definition to segment.h. Further explain > the BUG_IF_WRONG_CR3 adjustment. > v2: Avoid #ifdef and alter comment along the lines of Andy's suggestion. Since the breakage was introduced in v5.3, I've added a Cc: stable line. Thanks, Ingo
--- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -172,7 +172,7 @@ ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI .if \no_user_check == 0 /* coming from usermode? */ - testl $SEGMENT_RPL_MASK, PT_CS(%esp) + testl $USER_SEGMENT_RPL_MASK, PT_CS(%esp) jz .Lend_\@ .endif /* On user-cr3? */ @@ -217,7 +217,7 @@ testl $X86_EFLAGS_VM, 4*4(%esp) jnz .Lfrom_usermode_no_fixup_\@ #endif - testl $SEGMENT_RPL_MASK, 3*4(%esp) + testl $USER_SEGMENT_RPL_MASK, 3*4(%esp) jnz .Lfrom_usermode_no_fixup_\@ orl $CS_FROM_KERNEL, 3*4(%esp) --- a/arch/x86/include/asm/segment.h +++ b/arch/x86/include/asm/segment.h @@ -31,6 +31,18 @@ */ #define SEGMENT_RPL_MASK 0x3 +/* + * When running on Xen PV, the actual privilege level of the kernel is 1, + * not 0. Testing the Requested Privilege Level in a segment selector to + * determine whether the context is user mode or kernel mode with + * SEGMENT_RPL_MASK is wrong because the PV kernel's privilege level + * matches the 0x3 mask. + * + * Testing with USER_SEGMENT_RPL_MASK is valid for both native and Xen PV + * kernels because privilege level 2 is never used. + */ +#define USER_SEGMENT_RPL_MASK 0x2 + /* User mode is privilege level 3: */ #define USER_RPL 0x3
Once again RPL checks have been introduced which don't account for a 32-bit kernel living in ring 1 when running in a PV Xen domain. The case in FIXUP_FRAME has been preventing boot. Adjust BUG_IF_WRONG_CR3 as well to guard against future uses of the macro on a code path reachable when running in PV mode under Xen; I have to admit that I stopped at a certain point trying to figure out whether there are present ones. Fixes: 3c88c692c287 ("x86/stackframe/32: Provide consistent pt_regs") Signed-off-by: Jan Beulich <jbeulich@suse.com> --- v3: Move USER_SEGMENT_RPL_MASK definition to segment.h. Further explain the BUG_IF_WRONG_CR3 adjustment. v2: Avoid #ifdef and alter comment along the lines of Andy's suggestion.